Technical information
- %APPDATA%\microsoft\windows\start menu\programs\startup\pqwptqfq.lnk
- %WINDIR%\microsoft.net\framework\v2.0.50727\applaunch.exe
- %TEMP%\nsp65a4.tmp\uac.dll
- <LS_APPDATA>\new package\uninst.exe
- %TEMP%\new feature\idm.6.32.1+patch.exe
- %TEMP%\new feature\pqwptqfq.vbs
- %TEMP%\nsp65a4.tmp\nsexec.dll
- %TEMP%\nsp65a4.tmp\ns6631.tmp
- %TEMP%\dup2patcher.dll
- %HOMEPATH%\appdata\pqwptqfq.vbe
- %TEMP%\nsp65a4.tmp\ns6631.tmp
- %TEMP%\nsp65a4.tmp\nsexec.dll
- %TEMP%\nsp65a4.tmp\uac.dll
- '%TEMP%\new feature\idm.6.32.1+patch.exe'
- '%TEMP%\nsp65a4.tmp\ns6631.tmp' "<SYSTEM32>\CScript.exe" "%TEMP%\New Feature\PqwPTQfq.vbs" //e:vbscript //B //NOLOGO
- '%TEMP%\nsp65a4.tmp\ns6631.tmp' "<SYSTEM32>\CScript.exe" "%TEMP%\New Feature\PqwPTQfq.vbs" //e:vbscript //B //NOLOGO' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' [Reflection.Assembly]::Load((Get-ItemProperty HKCU:\/Software\/VNJXRFSAGQUDY).vVsBsb);[Crypt]::Morfey('AppLaunch', (Get-ItemProperty HKCU:\Software\VNJXRFSAGQUDY).etohVgyqk)' (with hidden window)
- '<SYSTEM32>\cscript.exe' "%TEMP%\New Feature\PqwPTQfq.vbs" //e:vbscript //B //NOLOGO
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' [Reflection.Assembly]::Load((Get-ItemProperty HKCU:\/Software\/VNJXRFSAGQUDY).vVsBsb);[Crypt]::Morfey('AppLaunch', (Get-ItemProperty HKCU:\Software\VNJXRFSAGQUDY).etohVgyqk)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\applaunch.exe'